Friday, 28 October 2011

Dropbox Bug Made Accounts Accessible Without Passwords

Online storage provider Dropbox tolerated an authentication bug that made it probable to log into some users’ statements without a password for a short while, the financial gathering declares on its blog.
The bug was first publicized by Chris Soghoian some population of days ago. According to Dropbox, it changed a “very tiny number of users (much less than 1%)” and was fastened at 5:46 p.m. PT, five minutes after Dropbox admins divulged it.

Dropbox allegations it finished all logged-in
assemblies after they utilised the mend and is presently undertaking an examination of all extraordinary pursuit as long as the time the bug was active. The current renew on the Dropbox blog declares that “accounts that logged in as long as the interval have been emailed with supplemental activity-related particulars for review,” which signifies that all users will be competent to review if their statements were tampered with by an unauthorized party.

Dropbox’s speedy response was supplemented with an apology. Still, Dropbox’s enterprise is written knowledge synchronization and storage in the cloud, and security ought be one of its largest priorities.
The 4-year-old startup has propagated tremendously in the past year, climbing from 5 million users to more than 25 million users, who are collecting more than 300 million records each day. Even if less than 1% of users were changed in this episode, it could still add up to more than 200,000 users and millions of files.